There is a better way. Regulators — state, federal and industry-specific — should focus on rules for enterprises and hyperscalers deploying genAI tools rather than the vendors creating and selling the technology. (Granted, the big hyperscalers are also selling their own flavors of genAI, but they are different business units with different bosses.)
Why? First of all, enterprises are more likely to cooperate, making compliance more likely to succeed. Secondly, if regulators want vendors to take cybersecurity and privacy issues seriously, take the fight to their largest customers. If the customers start insisting on the government’s rules, vendors are more likely to fall in line.
In other words, the paltry fines and penalties regulators can threaten are nothing compared to the revenue their customers provide. Influence the customers and the vendors will get the message.
Source: Computer World